Right now, this must be Dir in order to not crash, but after [1] gets
merged, it will have to be A256GCM.
Since we know the algorithm, let's just ignore it.
[1]: https://github.com/hidekatsu-izuno/josekit-rs/pull/12
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
This patch changes from using biscuit to josekit for JWE.
josekit uses OpenSSL for its crypto instead of ring.
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
Previously, we were expecting that the input is always utf8 encoded
text.
Since we just convert it to bytes, and print it back out as bytes, we
can just skip the unicode parsing, and accept any provided input.
Fixes: #5
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
This should send people strongly to use the defaults, so that other
tools can easily determine whether policies are in use and what their
values are.
It still allows overriding them.
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
Clevis v15 added an additional argument, which is either an empty string
or the string "-y".
This argument is not used in this PIN, but we checked the exact number of
arguments to parse, which got changed.
This also accepts more additional arguments, and just ignores them.
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
This change makes it pass all the different possible values provided by the clevis tpm2
pin test suite.
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
It was decided to use standard base64 instead of base64-url because
that's what the Go implementation did by default for a []byte.
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
My hardware TPM only supports AES128, so let's use that for now to
be more compatible.
The tpm_sym_def function does take a mutable ctx borrow, so that in
the future it can automatically detect the best supported symdef.
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
